Symantec ZTNA: Protect your business without impacting productivity

Stephen Hearty
Head of Symantec Product Marketing EMEA

Alan Hall
Head of Network Security Product Marketing, Symantec by Broadcom

April 4, 2024

The way we approach network security is undergoing a dramatic transformation. As organisations grapple with the challenges of securing a distributed workforce and protecting sensitive data, a new paradigm is emerging: Zero Trust Network Access (ZTNA). This innovative approach is not just an alternative to traditional Virtual Private Networks (VPNs) – it’s a leap forward in secure, efficient and user-friendly access management. Here’s why.

Decoding the alphabet soup: ZTNA vs. VPN

ZTNA is a security model that operates on the principle of ‘never trust, always verify’. It provides secure access to applications and services based on access control policies, regardless of where the user, device or application is located. In contrast, traditional VPNs create an encrypted tunnel between a user’s device and the corporate network, granting broad access once a user is authenticated.

ZTNA is application-centric and identity-aware, while VPNs are network-centric and perimeter-focused. This fundamental distinction sets the stage for ZTNA’s numerous advantages.

How ZTNA strengthens cybersecurity

When it comes to security, ZTNA leaves traditional VPNs in the dust. It provides application-level access, as opposed to VPNs’ broad network access. This means users only get access to specific applications they need, not the entire network. It’s like giving someone a key to a specific room rather than the master key to the whole building.

ZTNA also reduces the attack surface. Unlike VPNs, which often expose ports to the internet, ZTNA keeps IP addresses hidden, making the corporate network invisible to unauthorised users. This invisibility cloak dramatically reduces the risk of network-based attacks.

While VPNs typically authenticate just once at the beginning of a session, ZTNA employs continuous authentication, constantly verifying users and devices.

This technology also offers visibility and control that traditional VPNs simply can’t match. It provides detailed insights into user activities and enforces granular access policies, giving security teams a clearer picture of what’s happening on their network. These user-centric access policies are faster to administer and less error-prone than complex VPN configurations, enabling organisations to configure them for the entire user base at scale.

Elevating the user experience

While security is paramount, user experience can make or break the adoption of any technology. Here, too, ZTNA shines brightly compared to VPNs.

ZTNA offers seamless access from anywhere, eliminating the complex setup often associated with VPNs. Users can securely access applications without worrying about establishing a VPN connection or knowing where an application is located. That’s why Gartner’s Market Guide for Zero-Trust Access predicted that at least 70% of new remote access deployments will be served mainly by ZTNA instead of VPN services by 2025, up from under 10% at the end of 2021.

The connection process with ZTNA is also far simpler compared to traditional VPN clients. There’s no need to remember to turn on the VPN or wait for it to connect – access is swift and straightforward.

This newer approach improves performance and reliability by optimising traffic routing and eliminating the need to backhaul all traffic through a central location (a common VPN bottleneck).

Finally, ZTNA offers superior support for the realities of modern work – including Bring Your Own Device (BYOD) policies and remote work scenarios. It adapts more readily to diverse devices and locations than traditional VPNs, making it a more realistic solution for today’s flexible work environments.

Cloud-based security without compromise

While some ZTNA solutions are designed for on-premises implementation, Symantec’s cloud-based Symantec Security Service Edge (SSE) solution embodies ZTNA to offer all of these advantages in the cloud.

While on-premises technology often requires the purchase and ongoing maintenance of servers and client software, cloud-based operations reduce costs.

ZTNA in Symantec SSE minimises setup and operational overheads thanks to agentless deployment, seamless integration with existing identity and access management systems, and support for both managed and unmanaged devices. These capabilities make it easier for organisations to implement ZTNA and realise its benefits quickly.

One feature is role-based access control (RBAC), which allows you to assign specific roles to individual users or teams. This simplifies management, cutting down on complexity while also creating a more scalable solution. As businesses expand, RBAC makes it easier to manage and adjust permissions across the organisation, giving greater control and visibility over access rights.

Symantec’s ZTNA is also part of a broader, integrated security ecosystem that allows for more comprehensive threat prevention, data protection and compliance management – creating a security posture that’s greater than the sum of its parts.

This scalability is crucial for organisations experiencing growth. As your business expands, RBAC makes it easier to adjust permissions across entire groups, ensuring that access to applications and resources remains tightly controlled and aligned with organisational policies.

Charting the course for future security

The transition from VPNs to ZTNA isn’t just a trend; it’s a necessary evolution in how we approach secure access. As organisations continue to embrace digital transformation, cloud adoption and remote work, ZTNA will play an increasingly crucial role in ensuring that our digital assets remain protected, our users remain productive and our operations remain efficient.

In the end, ZTNA isn’t just about replacing VPNs – it’s about reimagining what’s possible in network security. It’s about creating a future where security enhances rather than hinders, where protection is pervasive yet invisible and where trust is continuously earned, not blindly given. That’s the promise of ZTNA, and it’s a future worth embracing.